Vulnerability Description
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as the first name, last name and email address of users registered for events.
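The pattern described above, as an added PHP example that is neither the plugin's code nor its actual fix: an export handler reachable from init with no checks, beside a version that requires a logged-in user with a capability and a valid nonce. Every example_ name, the example_export parameter and the choice of the manage_options capability are assumptions made for illustration.

```php
<?php
// Added illustration, not the RSVP plugin's code. All example_* names and
// the "example_export" request parameter are hypothetical.

// Vulnerable pattern: init fires on every request, including anonymous
// front-end requests, so any visitor who sends the parameter gets the export.
// Shown for contrast only, so the hook registration is left commented out.
// add_action( 'init', 'example_export_unsafe' );
function example_export_unsafe() {
    if ( isset( $_GET['example_export'] ) ) {
        example_stream_csv(); // no capability check, no nonce
    }
}

// Hardened pattern: admin_post_{action} is dispatched by wp-admin/admin-post.php
// for logged-in users only (anonymous requests go to admin_post_nopriv_{action},
// which is deliberately not registered here).
add_action( 'admin_post_example_export', 'example_export_safe' );
function example_export_safe() {
    // Authorisation: only roles holding the chosen capability may export PII.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
    // CSRF protection: terminates the request if the nonce is missing or invalid.
    check_admin_referer( 'example_export' );
    example_stream_csv();
}

// Streams attendee rows as CSV and ends the request.
function example_stream_csv() {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="attendees.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'first_name', 'last_name', 'email' ), ',', '"', '' );
    foreach ( example_get_attendees() as $row ) {
        fputcsv( $out, array( $row['first_name'], $row['last_name'], $row['email'] ), ',', '"', '' );
    }
    fclose( $out );
    exit;
}

// Constructed sample data standing in for the plugin's attendee table.
function example_get_attendees() {
    return array(
        array( 'first_name' => 'Ada', 'last_name' => 'Example', 'email' => 'ada@example.test' ),
    );
}
```

The admin link that triggers the hardened handler would be built with wp_nonce_url() using the same 'example_export' action string, so the nonce check passes only for requests that originate from that link.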
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpchill | Rsvp And Event Management | < 2.7.8 |
Related Weaknesses (CWE)
References
- https://wpscan.com/vulnerability/95a5fad1-e823-4571-8640-19bf5436578d (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-1054?
CVE-2022-1054 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result...
How severe is CVE-2022-1054?
CVE-2022-1054 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-1054?
Check the references section above for vendor advisories and patch information. Affected products include: Wpchill Rsvp And Event Management.